Total
7741 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-0069 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147882143References: M-ALPS04356754 | |||||
CVE-2020-0010 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-137014293References: N/A | |||||
CVE-2019-9315 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In libhevc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112326216 | |||||
CVE-2019-2171 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113035086 | |||||
CVE-2019-2210 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-139148442 | |||||
CVE-2020-0062 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Euicc, there is a possible information disclosure due to an included test Certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143232031 | |||||
CVE-2020-0035 | 1 Google | 1 Android | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-140622024 | |||||
CVE-2019-9363 | 1 Google | 1 Android | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123584306 | |||||
CVE-2019-9357 | 1 Google | 1 Android | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112662995 | |||||
CVE-2020-0009 | 2 Debian, Google | 2 Debian Linux, Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932 | |||||
CVE-2019-2222 | 1 Google | 1 Android | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140322595 | |||||
CVE-2019-9257 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113572342 | |||||
CVE-2019-9356 | 1 Google | 1 Android | 2023-12-10 | 1.9 LOW | 5.0 MEDIUM |
In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111699773 | |||||
CVE-2019-2064 | 1 Google | 1 Android | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116469592 | |||||
CVE-2019-2145 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112858430 | |||||
CVE-2019-2187 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-124940143 | |||||
CVE-2019-2036 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-79703832 | |||||
CVE-2019-2079 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115509210 | |||||
CVE-2019-11516 | 1 Google | 1 Android | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer overflow during device inquiry. This overflow can be used to overwrite existing functions with arbitrary code. The Reserved for Future Use (RFU) bits are not discarded by eir_handleRx(), and are included in an EIR's length. Therefore, one can exceed the expected 240 bytes, which leads to a heap-based buffer overflow in eir_getReceivedEIR() called by bthci_event_SendInquiryResultEvent(). In order to exploit this bug, an attacker must repeatedly connect to the victim's device in a short amount of time from different source addresses. This will cause the victim's Bluetooth stack to resolve the device names and therefore allocate buffers with attacker-controlled data. Due to the heap corruption, the name will be eventually written to an attacker-controlled location, leading to a write-what-where condition. | |||||
CVE-2020-0051 | 1 Google | 1 Android | 2023-12-10 | 4.4 MEDIUM | 7.8 HIGH |
In onCreate of SettingsHomepageActivity, there is a possible tapjacking attack. This could lead to local escalation of privilege in Settings with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138442483 |