National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:google:android:-
There are 1,186 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-5816

Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.

Published: June 27, 2019; 01:15:14 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-2025

In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-116855682References: Upstream kernel

Published: June 19, 2019; 05:15:10 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2019-2024

In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use after free issue. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111761954References: Upstream kernel

Published: June 19, 2019; 05:15:10 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2019-2101

In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111760968.

Published: June 07, 2019; 04:29:01 PM -04:00
V3: 5.5 MEDIUM
V2: 4.9 MEDIUM
CVE-2019-2054

In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499

Published: May 08, 2019; 01:29:01 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-6243

NVIDIA Tegra TLK Widevine Trust Application contains a vulnerability in which missing the input parameter checking of video metadata count may lead to Arbitrary Code Execution, Denial of Service or Escalation of Privileges. Android ID: A-72315075. Severity Rating: High. Version: N/A.

Published: May 07, 2019; 04:29:01 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2019-9798

On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.

Published: April 26, 2019; 01:29:02 PM -04:00
V3: 7.4 HIGH
V2: 5.8 MEDIUM
CVE-2018-12400

In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63.

Published: February 28, 2019; 01:29:01 PM -05:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2018-12391

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

Published: February 28, 2019; 01:29:00 PM -05:00
V3: 8.8 HIGH
V2: 9.3 HIGH
CVE-2019-2001

The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-117422211.

Published: February 28, 2019; 12:29:01 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2019-2000

In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025789.

Published: February 28, 2019; 12:29:01 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2019-1999

In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.

Published: February 28, 2019; 12:29:00 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2019-5767

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.

Published: February 19, 2019; 12:29:01 PM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-5765

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.

Published: February 19, 2019; 12:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-5759

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Published: February 19, 2019; 12:29:00 PM -05:00
V3: 9.6 CRITICAL
V2: 6.8 MEDIUM
CVE-2018-6271

NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474.

Published: February 13, 2019; 05:29:00 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-6268

NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161.

Published: February 13, 2019; 05:29:00 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-6267

NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privileges. Android ID: A-70857947.

Published: February 13, 2019; 05:29:00 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-13893

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.

Published: February 11, 2019; 10:29:00 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-13889

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed

Published: February 11, 2019; 10:29:00 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH