National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,156 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2019-9464

In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068

Published: December 06, 2019; 06:15:13 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-2232

In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140632678

Published: December 06, 2019; 06:15:12 PM -05:00
V3.1: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2019-2231

In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-141955555

Published: December 06, 2019; 06:15:12 PM -05:00
V3.1: 4.4 MEDIUM
    V2: 2.1 LOW
CVE-2019-2230

In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141170038

Published: December 06, 2019; 06:15:12 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-2229

In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139803872

Published: December 06, 2019; 06:15:12 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-2228

In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196

Published: December 06, 2019; 06:15:12 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-2227

In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-140768453

Published: December 06, 2019; 06:15:12 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 3.3 LOW
CVE-2019-2226

In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140152619

Published: December 06, 2019; 06:15:12 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-2225

When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-110433804

Published: December 06, 2019; 06:15:12 PM -05:00
V3.1: 8.8 HIGH
    V2: 5.8 MEDIUM
CVE-2019-2224

In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140328986

Published: December 06, 2019; 06:15:12 PM -05:00
V3.1: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2019-2223

In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140692129

Published: December 06, 2019; 06:15:12 PM -05:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-2222

n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140322595

Published: December 06, 2019; 06:15:12 PM -05:00
V3.1: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-2221

In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138583650

Published: December 06, 2019; 06:15:12 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-2220

In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-138636979

Published: December 06, 2019; 06:15:12 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2019-2219

In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-119041698

Published: December 06, 2019; 06:15:11 PM -05:00
V3.1: 4.7 MEDIUM
    V2: 4.7 MEDIUM
CVE-2019-2218

In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141169173

Published: December 06, 2019; 06:15:11 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-2217

In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141003796

Published: December 06, 2019; 06:15:11 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-10769

safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError.

Published: December 06, 2019; 06:15:11 PM -05:00
(not available)
CVE-2019-18575

Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system.

Published: December 06, 2019; 04:15:10 PM -05:00
(not available)
CVE-2019-11293

Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.

Published: December 06, 2019; 03:15:09 PM -05:00
(not available)