Android
by Google
CVEs (4,041)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-2078 | 0.00 | — | 0.01 | Sep 27, 2019 | In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114749542 | |||
| CVE-2019-2070 | 0.00 | — | 0.01 | Sep 27, 2019 | In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117883804 | |||
| CVE-2019-2108 | 0.00 | — | 0.01 | Sep 5, 2019 | In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | |||
| CVE-2019-2124 | 0.00 | — | 0.00 | Sep 5, 2019 | In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure. | |||
| CVE-2019-2180 | 0.00 | — | 0.00 | Sep 5, 2019 | In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed… | |||
| CVE-2019-2178 | 0.00 | — | 0.00 | Sep 5, 2019 | In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC service with no additional execution privileges needed. User interaction… | |||
| CVE-2019-2135 | 0.00 | — | 0.01 | Aug 20, 2019 | In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.… | |||
| CVE-2019-2128 | 0.00 | — | 0.00 | Aug 20, 2019 | In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:… | |||
| CVE-2019-2119 | 0.00 | — | 0.00 | Jul 8, 2019 | In multiple functions of key_store_service.cpp, there is a possible Information Disclosure due to improper locking. This could lead to local information disclosure of protected data with no additional execution privileges needed. User interaction is not needed for exploitation.… | |||
| CVE-2019-2117 | 0.00 | — | 0.00 | Jul 8, 2019 | In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. User interaction is not… | |||
| CVE-2019-2113 | 0.00 | — | 0.00 | Jul 8, 2019 | In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID:… | |||
| CVE-2019-2105 | 0.00 | — | 0.01 | Jul 8, 2019 | In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.… | |||
| CVE-2019-2018 | 0.00 | — | 0.01 | Jun 19, 2019 | In resetPasswordInternal of DevicePolicyManagerService.java, there is a possible bypass of password reset protection due to an unusual root cause. Remote user interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-110172241 | |||
| CVE-2019-1989 | 0.00 | — | 0.01 | Jun 19, 2019 | In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product:… | |||
| CVE-2019-2004 | 0.00 | — | 0.00 | Jun 19, 2019 | In publishKeyEvent, publishMotionEvent and sendUnchainedFinishedSignal of InputTransport.cpp, there are uninitialized data leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2019-1985 | 0.00 | — | 0.00 | Jun 19, 2019 | In findAvailSpellCheckerLocked of TextServicesManagerService.java, there is a possible way to bypass the warning dialog when selecting an untrusted spell checker due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges… | |||
| CVE-2019-2053 | 0.00 | — | 0.00 | May 8, 2019 | In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android… | |||
| CVE-2019-2052 | 0.00 | — | 0.01 | May 8, 2019 | In VisitPointers of heap.cc, there is a possible out-of-bounds read due to type confusion. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0… | |||
| CVE-2019-2051 | 0.00 | — | 0.01 | May 8, 2019 | In heap of spaces.h, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure when processing a proxy auto config file with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2019-2047 | 0.00 | — | 0.01 | May 8, 2019 | In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android… |
- CVE-2019-2078Sep 27, 2019risk 0.00cvss —epss 0.01
In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114749542
- CVE-2019-2070Sep 27, 2019risk 0.00cvss —epss 0.01
In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117883804
- CVE-2019-2108Sep 5, 2019risk 0.00cvss —epss 0.01
In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
- CVE-2019-2124Sep 5, 2019risk 0.00cvss —epss 0.00
In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure.
- CVE-2019-2180Sep 5, 2019risk 0.00cvss —epss 0.00
In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed…
- CVE-2019-2178Sep 5, 2019risk 0.00cvss —epss 0.00
In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC service with no additional execution privileges needed. User interaction…
- CVE-2019-2135Aug 20, 2019risk 0.00cvss —epss 0.01
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…
- CVE-2019-2128Aug 20, 2019risk 0.00cvss —epss 0.00
In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…
- CVE-2019-2119Jul 8, 2019risk 0.00cvss —epss 0.00
In multiple functions of key_store_service.cpp, there is a possible Information Disclosure due to improper locking. This could lead to local information disclosure of protected data with no additional execution privileges needed. User interaction is not needed for exploitation.…
- CVE-2019-2117Jul 8, 2019risk 0.00cvss —epss 0.00
In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. User interaction is not…
- CVE-2019-2113Jul 8, 2019risk 0.00cvss —epss 0.00
In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID:…
- CVE-2019-2105Jul 8, 2019risk 0.00cvss —epss 0.01
In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.…
- CVE-2019-2018Jun 19, 2019risk 0.00cvss —epss 0.01
In resetPasswordInternal of DevicePolicyManagerService.java, there is a possible bypass of password reset protection due to an unusual root cause. Remote user interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-110172241
- CVE-2019-1989Jun 19, 2019risk 0.00cvss —epss 0.01
In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product:…
- CVE-2019-2004Jun 19, 2019risk 0.00cvss —epss 0.00
In publishKeyEvent, publishMotionEvent and sendUnchainedFinishedSignal of InputTransport.cpp, there are uninitialized data leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2019-1985Jun 19, 2019risk 0.00cvss —epss 0.00
In findAvailSpellCheckerLocked of TextServicesManagerService.java, there is a possible way to bypass the warning dialog when selecting an untrusted spell checker due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges…
- CVE-2019-2053May 8, 2019risk 0.00cvss —epss 0.00
In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible out-of-bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…
- CVE-2019-2052May 8, 2019risk 0.00cvss —epss 0.01
In VisitPointers of heap.cc, there is a possible out-of-bounds read due to type confusion. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0…
- CVE-2019-2051May 8, 2019risk 0.00cvss —epss 0.01
In heap of spaces.h, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure when processing a proxy auto config file with no additional execution privileges needed. User interaction is not needed for…
- CVE-2019-2047May 8, 2019risk 0.00cvss —epss 0.01
In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…
Page 190 of 203